Thank you @fig for the very useful feedback!
It is true that from rule violations one could derive a concrete exploit, and thus withholding information to a select group of users can be problematic.
However, we need to make a distinction between bugs found pre-deployment, and bugs found after the deployment.
There is no problem to show all of the details of the violation if it was found pre-deployment (given that it is fixed in time, of course!).
As for post-deployment, we plan to work with the community to find a disclosure mechanism that ensures a prompt fix to the issue without giving up on decentralization.